OFFICE 365 CLOUD SECURITY ASSESSMENT
The information technology world is changing rapidly, and organisations are increasingly moving away from traditional on-premise IT systems in favour of cloud-based services such as Office 365. There are many benefits to using these services, but with these benefits come a whole host of new information security challenges.
The cloud can provide a highly secure and resilient service to many organisations – but only if it has been setup and configured in the right way. With an increased attack surface, it is more than essential to assure your cloud systems and know with confidence that your data, systems and people are safe.
As organisations evolve to take advantage of cloud-based technology, so too cyber-criminals evolve the techniques they use against us. With over 120 million users of Microsoft Office 365, it presents a large opportunity for attackers, who look to take advantage of a lack of understanding from consumers, and leverage the employees consuming the service.
LRQA Nettitude can help you to gain assurance that your Office 365 environment is configured securely and in line with good practices set out by Microsoft and the National Cyber Security Centre (NCSC). Our review goes beyond purely technical controls, and looks at the governance in place around your Office 365 environment, and the employees who use it.
What you can expect from an Office 365 review:
1. A review of processes governing your implementation;
2. Identification of security and control gaps;
3. Extensive knowledge about industry best practices;
4. A detailed and actionable report;
5. Identification of quick and meaningful recommendations;
6. Post assessment debrief detailing next steps.
If your organisation uses Office 365 and would like to gain assurance that you’re not exposed to common attacks, get in touch today to discuss an Office 365 security review.
What is an Office 365 Security Assessment?
The security optimisation assessment developed by LRQA Nettitude is a direct response to the increasing number of incidents that our own Threat Intelligence and Incident Response have seen. In relation to these other services within the business, this assessment primarily takes the aim of being a proactive measure for organisations before needing the reactive aid of Incident Response.
The assessment follows the guidance and best practices outlined by Microsoft themselves as well as the National Cyber Security Centre (NCSC). Combined with the expertise within LRQA Nettitude, a series of six domains have been developed, consisting of almost fifty requirements detailing different controls, tools, and processes that if in place can address weaknesses within configuration, management, and awareness.
The six domains defined in the assessment are shown below:
• Security Management
• Threat Protection
• Identity & Access Management
• User Awareness & Education
• Information Monitoring & Auditing
• Information Assurance
Get a free quote